Today, we released version 4.3.7 of the authoritative DNS nameserver NSD.
This release fixes a crash in dnstap. New features are XoT, which provides AXFR and IXFR over TLS, DNS Cookies support, and support for the SVCB and HTTPS RR types.
For zone transfers, TLS can be turned on by specifying the tls-auth-name in the request-xfr config option, like request-xfr: 192.0.2.1 NOKEY ns.example.com. The tls-cert-bundle option, in the server section, configures the list of certificates used to authenticate the transfers over TLS.
DNS cookies can be turned on or off with the answer-cookie option. For anycast or load-balanced deployments, the secret can be configured with cookie-secret or cookie-secret-file instead of being randomly generated. Rollover of the cookie secret can be performed with the nsd-control commands add_cookie_secret, activate_cookie_secret and drop_cookie_secret, using the cookie-secret-file.
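The cookie secret rollover described above, as an added example that is not from the NSD project: a POSIX shell script that runs the three nsd-control commands in order across every node of an anycast set. NODES, NSD_CONTROL and the function names are assumptions made for illustration, and the script assumes nsd-control remote control is already configured for each node it reaches with the -s option.

```shell
#!/bin/sh
# Added example: staged DNS cookie secret rollover across an anycast set.
# Assumed names: NODES (space-separated nsd-control -s targets), NSD_CONTROL.
NSD_CONTROL="${NSD_CONTROL:-nsd-control}"
NODES="${NODES:-}"

# Print a fresh 128-bit secret as 32 lowercase hex characters.
new_cookie_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Run one nsd-control command on every node, stopping at the first failure
# so that no later phase starts while a node is still behind.
on_all_nodes() {
    [ -n "$NODES" ] || { echo "NODES is empty" >&2; return 1; }
    for node in $NODES; do
        $NSD_CONTROL -s "$node" "$@" || {
            echo "failed on $node: $*" >&2
            return 1
        }
    done
}

# Phase 1: add the new secret as staging everywhere, so every node can
# verify cookies made with it before any node starts issuing them.
stage_secret() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) echo "secret must be hex" >&2; return 1 ;;
    esac
    [ "${#1}" -eq 32 ] || { echo "secret must be 128 bits" >&2; return 1; }
    on_all_nodes add_cookie_secret "$1"
}

# Phase 2: staging becomes active; the old active secret becomes staging
# and still verifies cookies that clients already hold.
activate_secret() { on_all_nodes activate_cookie_secret; }

# Phase 3: once clients have picked up new cookies, drop the old secret.
retire_old_secret() { on_all_nodes drop_cookie_secret; }

case "${1:-}" in
    stage)    stage_secret "$(new_cookie_secret)" ;;
    activate) activate_secret ;;
    drop)     retire_old_secret ;;
esac
```

Run each phase to completion on all nodes before starting the next; the secret is passed as a command-line argument to nsd-control, so it is visible in the local process list while the command runs.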
The SVCB and HTTPS RR type support means that the syntax for these RR types can be used in zone files and is written when a zone is downloaded. In previous versions, the unknown RR type support code provided a fallback syntax in zone files and on-the-wire functionality for these types.
You can get source packages of this version from the downloads page.